Cyber Attack Cost Rises Again For Breached Organisations

For companies that get breached by a cyber attack, the cost can be heavy and it is only getting worse, a study from the Ponemon Institute has suggested.

Across 234 companies in six countries that had experienced cyber crime, the average annualised cost for each organisation stood at $7.2 million (£4.5 million), although costs ranged from $375,387 to $58 million. The average represented a sharp 30 percent jump from the same Ponemon study of last year.

The UK was below the average, with $4.72 million, compared to $11.56 million in the US and $7.56 million in Germany, according to the HP-sponsored report. This is the average amongst those who experienced attacks, not across all companies.

Cyber attacks costly

Malicious insiders appear to be causing the most trouble, with each event costing an average of $154,000.

That cost is calculated from a number of factors, from detection, investigation and containment to data loss, business disruption and equipment damage.

Each surveyed company was successfully penetrated by a cyber attack 1.4 times a week, whilst smaller businesses were seeing more cost per seat than larger organisations.

According to Dr Larry Ponemon, chairman and founder of the eponymous institute, one big problem is that IT teams are spending on the wrong technologies.

The research found the network received the most spend, even though security intelligence systems appeared to bring the biggest rewards. The application layer, which many agree is the most attacked, only receives an average of 16 percent of the security budget, compared to 35 percent on the network, the study suggested.

Those using security intelligence systems were said to enjoy average cost savings of nearly $2 million when compared to those who didn’t.

Ponemon thinks this dichotomy could be explained by laziness within IT teams. “There may be a mentality that if I don’t know about it, it’s not a problem,” he told TechWeekEurope. “People in security get locked into what they’re doing.”

He also admitted that carrying out such research was difficult, given many organisations don’t tell the truth when it comes to revealing the cost of cyber crime.

Ponemon was shocked to find one case where a company thought it had seen great benefits by reducing its number of infected endpoints from five percent to one percent. Just one infected machine is enough to cause businesses problems, he noted.

As for previous studies on cost, including a Detica claim that the cost of cyber crime to Britain was £27 billion and a McAfee assertion that the global cost was $1 trillion, Ponemon said he had no idea how they reached those high figures. Those studies appeared to be based on bad mathematics, he added.

The Ponemon study does not take into account organisations that do not see cyber attacks on their infrastructure.

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
